A critical Same Origin Policy (SOP) bypass vulnerability has been found in the browser application installed on hundreds of millions of Samsung Android devices. It would allow an attacker to steal data from browser tabs when a user visits the attacker’s website.

Identified as CVE-2017-17692, the flaw is a Same Origin Policy (SOP) bypass that exists in version 5.4.02.3 of the Samsung Internet browser and in earlier versions.

The Same Origin Policy (SOP) is a security feature of modern browsers that lets pages from the same website interact with each other while preventing unrelated websites from interfering with one another.

In other words, the SOP guarantees that JavaScript code from one origin cannot access the properties of a website from another origin.

The SOP bypass vulnerability in the Samsung Internet browser, discovered by Dhiraj Mishra, may allow a malicious website to steal data, such as passwords or cookies, from pages the victim has open in different tabs.

“If the Samsung web browser opens a new tab in a specific domain (e.g., Google.com) using a JavaScript action, that JavaScript can come in after the fact and rewrite the contents of this page as needed,” according to researchers from the security company Rapid7.

“This is a no-no in browser design, because it means that JavaScript may violate the Same Origin Policy and direct JavaScript actions from one page (which is controlled by the attacker) to act in the context of another. What is more, an attacker can insert custom JavaScript code into any domain, provided that the victim visits a website controlled by the attacker first.”

Attackers can even grab a copy of your session cookie or hijack your session and read and write webmail on your behalf.

Mishra reported the security hole to Samsung, and the company replied that “the patch is already installed in our next Galaxy Note 8, and the application will be updated in October through an app store update.”

In the meantime, with the help of Tod Beardsley and Jeffrey Martin of Rapid7, Mishra released an exploit for the Metasploit Framework.

Researchers from Rapid7 also published a video demonstrating the attack.

Because the Metasploit exploit code for the SOP bypass vulnerability in the Samsung browser is now publicly available, anyone with less technical knowledge can exploit this vulnerability on a large number of Samsung devices, most of which are still using the Android Stock Browser.
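For defenders who need to find exposed devices, the following added example (not from the original article or from Rapid7) classifies Samsung Internet version strings against the affected range given above, 5.4.02.3 and earlier. It assumes versions come from a device inventory or from a `SamsungBrowser/<version>` User-Agent token that may carry only the major and minor numbers; the function names, result labels and sample User-Agent strings are constructed for illustration.

```javascript
// Added example: triage Samsung Internet versions against CVE-2017-17692.
const LAST_AFFECTED = "5.4.02.3"; // affected: this version and earlier (from the article)

// Split a dotted version into integers ("02" becomes 2); null if malformed.
function parseVersion(text) {
  if (typeof text !== "string" || !/^\d+(\.\d+)*$/.test(text)) return null;
  return text.split(".").map((part) => parseInt(part, 10));
}

// Hypothetical labels: "affected", "possibly-affected", "unknown", and
// "not-listed" (newer than the last version the article names as affected).
function classify(versionText) {
  const seen = parseVersion(versionText);
  const limit = parseVersion(LAST_AFFECTED);
  if (seen === null) return "unknown";
  for (let i = 0; i < limit.length; i++) {
    // Truncated version equal to the limit so far: the missing parts decide.
    if (i >= seen.length) return "possibly-affected";
    if (seen[i] < limit[i]) return "affected";
    if (seen[i] > limit[i]) return "not-listed";
  }
  // Equal on every component of the limit; extra non-zero parts mean newer.
  return seen.slice(limit.length).some((n) => n > 0) ? "not-listed" : "affected";
}

// Assumption: the browser identifies itself with a SamsungBrowser/<version> token.
function classifyUserAgent(ua) {
  const match = /\bSamsungBrowser\/(\d+(?:\.\d+)*)/.exec(String(ua));
  return match ? classify(match[1]) : "not-samsung-internet";
}

// Constructed sample User-Agent strings, not taken from real logs.
const SAMPLE_USER_AGENTS = [
  "Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G900F) SamsungBrowser/5.2 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G950F) SamsungBrowser/5.4 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 7.1.1; SAMSUNG SM-N950F) SamsungBrowser/6.2 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 7.0; Pixel) Chrome/62.0.3202.84 Mobile Safari/537.36",
];

// Count how many entries fall into each class.
function summarize(userAgents) {
  const counts = {};
  for (const ua of userAgents) {
    const label = classifyUserAgent(ua);
    counts[label] = (counts[label] || 0) + 1;
  }
  return counts;
}

console.log(summarize(SAMPLE_USER_AGENTS));
```

A `possibly-affected` result means the version string was too short to decide, so the full version from the device's app inventory is needed.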
